Reports/report queue
This commit is contained in:
parent
8e1ef6558b
commit
ce18d43bcd
@ -100,6 +100,8 @@
|
||||
$config['error']['tor'] = 'Hmm… That looks like a Tor exit node.';
|
||||
$config['error']['toomanylinks'] = 'Too many links; flood detected.';
|
||||
$config['error']['nodelete'] = 'You didn\'t select anything to delete.';
|
||||
$config['error']['noreport'] = 'You didn\'t select anything to report.';
|
||||
$config['error']['toomanyreports'] = 'You can\'t report that many posts at once.';
|
||||
$config['error']['invalidpassword'] = 'Wrong password…';
|
||||
$config['error']['invalidimg'] = 'Invalid image.';
|
||||
$config['error']['filesize'] = 'Maximum file size: %maxsz% bytes<br>Your file\'s size: %filesz% bytes';
|
||||
@ -120,6 +122,9 @@
|
||||
$config['error']['invalidpost'] = 'That post doesn\'t exist…';
|
||||
$config['error']['404'] = 'Page not found.';
|
||||
|
||||
// How many reports you can create in the same request.
|
||||
$config['report_limit'] = 2;
|
||||
|
||||
// Reply limit (deletes thread when this is reached)
|
||||
$config['reply_limit'] = 250;
|
||||
|
||||
@ -264,6 +269,12 @@
|
||||
/* Administration */
|
||||
// Display the contents of instance-config.php
|
||||
$config['mod']['show_config'] = ADMIN;
|
||||
// View the report queue
|
||||
$config['mod']['reports'] = JANITOR;
|
||||
// Dismiss an abuse report
|
||||
$config['mod']['report_dismiss'] = JANITOR;
|
||||
// Dismiss all abuse reports by an IP
|
||||
$config['mod']['report_dismiss_ip'] = JANITOR;
|
||||
// View list of bans
|
||||
$config['mod']['view_banlist'] = MOD;
|
||||
// View the username of the mod who made a ban
|
||||
|
@ -828,8 +828,8 @@
|
||||
) == '127.0.0.2';
|
||||
}
|
||||
|
||||
function ReverseIPOctets($inputip) {
|
||||
$ipoc = explode('.', $inputip);
|
||||
function ReverseIPOctets($ip) {
|
||||
$ipoc = explode('.', $ip);
|
||||
return $ipoc[3] . '.' . $ipoc[2] . '.' . $ipoc[1] . '.' . $ipoc[0];
|
||||
}
|
||||
|
||||
|
84
mod.php
84
mod.php
@ -80,6 +80,9 @@
|
||||
// Boards
|
||||
$fieldset['Boards'] .= ulBoards();
|
||||
|
||||
if($mod['type'] >= $config['mod']['reports']) {
|
||||
$fieldset['Administration'] .= '<li><a href="?/reports">Report queue</a></li>';
|
||||
}
|
||||
if($mod['type'] >= $config['mod']['view_banlist']) {
|
||||
$fieldset['Administration'] .= '<li><a href="?/bans">Ban list</a></li>';
|
||||
}
|
||||
@ -102,6 +105,87 @@
|
||||
//,'mod'=>true /* All 'mod' does, at this point, is put the "Return to dashboard" link in. */
|
||||
)
|
||||
);
|
||||
} elseif(preg_match('/^\/reports$/', $query)) {
|
||||
$body = '';
|
||||
|
||||
$query = query("SELECT `reports`.*, `boards`.`uri` FROM `reports` INNER JOIN `boards` ON `board` = `boards`.`id` ORDER BY `time` DESC") or error(db_error());
|
||||
if($query->rowCount() < 1)
|
||||
$body = '(Empty.)';
|
||||
else {
|
||||
while($report = $query->fetch()) {
|
||||
$p_query = prepare(sprintf("SELECT * FROM `posts_%s` WHERE `id` = :id", $report['uri']));
|
||||
$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
|
||||
$p_query->execute() or error(db_error($query));
|
||||
|
||||
if(!$post = $p_query->fetch()) {
|
||||
// Invalid report (post has since been deleted)
|
||||
$p_query = prepare("DELETE FROM `reports` WHERE `post` = :id");
|
||||
$p_query->bindValue(':id', $report['post'], PDO::PARAM_INT);
|
||||
$p_query->execute() or error(db_error($query));
|
||||
}
|
||||
|
||||
openBoard($report['uri']);
|
||||
|
||||
if(!$post['thread']) {
|
||||
$po = new Thread($post['id'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], $post['sticky'], $post['locked'], '?/', $mod, false);
|
||||
} else {
|
||||
$po = new Post($post['id'], $post['thread'], $post['subject'], $post['email'], $post['name'], $post['trip'], $post['body'], $post['time'], $post['thumb'], $post['thumbwidth'], $post['thumbheight'], $post['file'], $post['filewidth'], $post['fileheight'], $post['filesize'], $post['filename'], $post['ip'], '?/', $mod);
|
||||
}
|
||||
|
||||
$po->body .=
|
||||
'<div class="report">' .
|
||||
'<hr/>' .
|
||||
'Board: <a href="?/' . $report['uri'] . '/' . $config['file_index'] . '">' . sprintf($config['board_abbreviation'], $report['uri']) . '</a><br/>' .
|
||||
'Reason: ' . $report['reason'] . '<br/>' .
|
||||
'Reported by: <a href="?/IP/' . $report['ip'] . '">' . $report['ip'] . '</a><br/>' .
|
||||
'<hr/>' .
|
||||
($mod['type'] >= $config['mod']['report_dismiss'] ?
|
||||
'<a title="Discard abuse report" href="?/reports/' . $report['id'] . '/dismiss">Dismiss</a> | ' : '') .
|
||||
($mod['type'] >= $config['mod']['report_dismiss_ip'] ?
|
||||
'<a title="Discard all abuse reports by this user" href="?/reports/' . $report['id'] . '/dismiss/all">Dismiss+</a>' : '') .
|
||||
'</div>';
|
||||
$body .= $po->build(true) . '<hr/>';
|
||||
}
|
||||
}
|
||||
|
||||
echo Element('page.html', Array(
|
||||
'index'=>$config['root'],
|
||||
'title'=>'Report queue',
|
||||
'body'=>$body,
|
||||
'mod'=>true
|
||||
));
|
||||
} elseif(preg_match('/^\/reports\/(\d+)\/dismiss(\/all)?$/', $query, $matches)) {
|
||||
if(isset($matches[2]) && $matches[2] == '/all') {
|
||||
if($mod['type'] < $config['mod']['report_dismiss_ip']) error($config['error']['noaccess']);
|
||||
|
||||
$query = prepare("SELECT `ip` FROM `reports` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if($report = $query->fetch()) {
|
||||
$query = prepare("DELETE FROM `reports` WHERE `ip` = :ip");
|
||||
$query->bindValue(':ip', $report['ip'], PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
}
|
||||
} else {
|
||||
if($mod['type'] < $config['mod']['report_dismiss']) error($config['error']['noaccess']);
|
||||
|
||||
$query = prepare("SELECT `post` FROM `reports` WHERE `id` = :id");
|
||||
$query->bindValue(':id', $matches[1], PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if($report = $query->fetch()) {
|
||||
$query = prepare("DELETE FROM `reports` WHERE `post` = :post");
|
||||
$query->bindValue(':post', $report['post'], PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
}
|
||||
}
|
||||
|
||||
// Redirect
|
||||
if(isset($_SERVER['HTTP_REFERER']))
|
||||
header('Location: ' . $_SERVER['HTTP_REFERER'], true, $config['redirect_http']);
|
||||
else
|
||||
header('Location: ?/reports', true, $config['redirect_http']);
|
||||
} elseif(preg_match('/^\/bans$/', $query)) {
|
||||
if($mod['type'] < $config['mod']['view_banlist']) error($config['error']['noaccess']);
|
||||
|
||||
|
54
post.php
54
post.php
@ -78,7 +78,61 @@
|
||||
$root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
|
||||
|
||||
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
|
||||
|
||||
} elseif(isset($_POST['report'])) {
|
||||
if( !isset($_POST['board']) ||
|
||||
!isset($_POST['password']) ||
|
||||
!isset($_POST['reason'])
|
||||
)
|
||||
error($config['error']['bot']);
|
||||
|
||||
$report = Array();
|
||||
foreach($_POST as $post => $value) {
|
||||
if(preg_match('/^delete_(\d+)$/', $post, $m)) {
|
||||
$report[] = (int)$m[1];
|
||||
}
|
||||
}
|
||||
|
||||
sql_open();
|
||||
|
||||
// Check if banned
|
||||
checkBan();
|
||||
|
||||
if($config['block_tor'] && isTor())
|
||||
error($config['error']['tor']);
|
||||
|
||||
// Check if board exists
|
||||
if(!openBoard($_POST['board']))
|
||||
error($config['error']['noboard']);
|
||||
|
||||
if(empty($report))
|
||||
error($config['error']['noreport']);
|
||||
|
||||
if(count($report) > $config['report_limit'])
|
||||
error($config['error']['toomanyreports']);
|
||||
|
||||
foreach($report as &$id) {
|
||||
$query = prepare(sprintf("SELECT 1 FROM `posts_%s` WHERE `id` = :id", $board['uri']));
|
||||
$query->bindValue(':id', $id, PDO::PARAM_INT);
|
||||
$query->execute() or error(db_error($query));
|
||||
|
||||
if($post = $query->fetch()) {
|
||||
$query = prepare("INSERT INTO `reports` VALUES (NULL, :time, :ip, :board, :post, :reason)");
|
||||
$query->bindValue(':time', time(), PDO::PARAM_INT);
|
||||
$query->bindValue(':ip', $_SERVER['REMOTE_ADDR'], PDO::PARAM_STR);
|
||||
$query->bindValue(':board', $board['id'], PDO::PARAM_INT);
|
||||
$query->bindValue(':post', $id, PDO::PARAM_INT);
|
||||
$query->bindValue(':reason', htmlentities($_POST['reason']), PDO::PARAM_STR);
|
||||
$query->execute() or error(db_error($query));
|
||||
}
|
||||
}
|
||||
|
||||
sql_close();
|
||||
|
||||
$is_mod = isset($_POST['mod']) && $_POST['mod'];
|
||||
$root = $is_mod ? $config['root'] . $config['file_mod'] . '?/' : $config['root'];
|
||||
|
||||
header('Location: ' . $root . $board['dir'] . $config['file_index'], true, $config['redirect_http']);
|
||||
} elseif(isset($_POST['post'])) {
|
||||
if( !isset($_POST['name']) ||
|
||||
!isset($_POST['email']) ||
|
||||
|
@ -93,15 +93,19 @@
|
||||
</form>
|
||||
<hr/>
|
||||
<form action="{post_url}" method="post">
|
||||
<input type="hidden" name="delete" value="1" />
|
||||
<input type="hidden" name="board" value="{board[uri]}" />
|
||||
{mod?<input type="hidden" name="mod" value="1" />}
|
||||
{body}
|
||||
<div class="delete">
|
||||
Delete Post [<input title="Delete file only" type="checkbox" name="file" id="delete_file"/>
|
||||
<label for="delete_file">File</label>] Password
|
||||
<input type="password" name="password" size="12" maxlength="18" />
|
||||
<input type="submit" value="Delete" />
|
||||
<label for="delete_file">File</label>] <label for="password">Password</label>
|
||||
<input id="password"type="password" name="password" size="12" maxlength="18" />
|
||||
<input type="submit" name="delete" value="Delete" />
|
||||
</div>
|
||||
<div class="delete" style="clear:both">
|
||||
<label for="reason">Reason</label>
|
||||
<input id="reason" type="text" name="reason" size="20" maxlength="30" />
|
||||
<input type="submit" name="report" value="Report" />
|
||||
</div>
|
||||
</form>
|
||||
<div class="pages">{btn[prev]} {pages:
|
||||
|
@ -85,15 +85,19 @@
|
||||
</form>
|
||||
<hr/>
|
||||
<form action="{post_url}" method="post">
|
||||
<input type="hidden" name="delete" value="1" />
|
||||
<input type="hidden" name="board" value="{board[uri]}" />
|
||||
{mod?<input type="hidden" name="mod" value="1" />}
|
||||
{body}
|
||||
<div class="delete">
|
||||
Delete Post [<input title="Delete file only" type="checkbox" name="file" id="delete_file"/>
|
||||
<label for="delete_file">File</label>] Password
|
||||
<input type="password" name="password" size="12" maxlength="18" />
|
||||
<input type="submit" value="Delete" />
|
||||
<label for="delete_file">File</label>] <label for="password">Password</label>
|
||||
<input id="password"type="password" name="password" size="12" maxlength="18" />
|
||||
<input type="submit" name="delete" value="Delete" />
|
||||
</div>
|
||||
<div class="delete" style="clear:both">
|
||||
<label for="reason">Reason</label>
|
||||
<input id="reason" type="text" name="reason" size="20" maxlength="30" />
|
||||
<input type="submit" name="report" value="Report" />
|
||||
</div>
|
||||
</form>
|
||||
<a href="{return}">[Return.]</a>
|
||||
|
Loading…
Reference in New Issue
Block a user